Does using SecureZeroMemory() really help to make the application more secure?

Question

There's a SecureZeroMemory() function in WinAPI that is designed for erasing the memory used for storing passwords/encryption keys/similar stuff when the buffer is no longer needed. It differs from ZeroMemory() in that its call will not be optimized out by the compiler.

Is it really so necessary to erase the memory used for storing sensitive data? Does it really make the application more secure?

I understand that data could be written into the swapfile or into the hibernation file and that other processes could possibly read my program's memory. But the same could happen with the data when it is still in use. Why is use, then erase better than just use?

Recommended answer

It does. The hibernation file is not encrypted, for example. And if you don't securely clear the memory, you might end up with trouble. It's just a single example, though. You should always hold secret stuff in memory only as long as needed.
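
The use-then-erase pattern discussed above, as an added example that is not part of the original question or answer: the secret is copied into a working buffer, used, and the buffer is wiped on every return path, including the error path. The names wipe, toy_digest, digest_secret and is_all_zero are hypothetical, and outside Windows the wipe uses a volatile-pointer loop as an assumed stand-in for SecureZeroMemory().

```c
#include <stdint.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Erase n bytes at p so that the compiler does not drop the stores as dead. */
static void wipe(void *p, size_t n) {
#ifdef _WIN32
    SecureZeroMemory(p, n);
#else
    /* Assumed stand-in off Windows: store through a volatile-qualified pointer. */
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
#endif
}

/* Toy FNV-1a hash standing in for the real use of the secret (hypothetical). */
static uint32_t toy_digest(const unsigned char *s, size_t n) {
    uint32_t h = 2166136261u;
    while (n--) { h ^= *s++; h *= 16777619u; }
    return h;
}

/* Use the secret via `work`, then wipe `work` on every return path; -1 if it does not fit. */
static int digest_secret(const char *secret, unsigned char *work, size_t cap, uint32_t *out) {
    int rc = -1;
    size_t n = strlen(secret);
    if (n <= cap) {
        memcpy(work, secret, n);
        *out = toy_digest(work, n);
        rc = 0;
    }
    wipe(work, cap);   /* the copy exists only for the duration of the call */
    return rc;
}

/* Helper for checking the result: 1 if all n bytes are zero. */
static int is_all_zero(const unsigned char *p, size_t n) {
    while (n--) if (*p++) return 0;
    return 1;
}

int main(void) {
    unsigned char work[32]; uint32_t d = 0;
    /* Constructed sample secret, not a real credential. */
    int rc = digest_secret("constructed-sample-secret", work, sizeof work, &d);
    return (rc == 0 && is_all_zero(work, sizeof work)) ? 0 : 1;
}
```

The wipe does not protect the secret while it is in use; it limits how long a copy sits in memory where a swap or hibernation write could capture it.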
